`vault policy write` succeeds despite control group authorisation being required.

[luke-clifton]

Describe the bug If a policy allows write access to the policies endpoints, but requires control group authorization, using the Vault CLI to run the command

vault policy write ....

will result in the CLI printing that the policy was successfully written, which it is not.

Expected behavior The Vault CLI should recognize that the response contains the control group wrapped response, and display that to the user who can then go an get the authorization

Current workaround is to tell people not to use the vault policy subcommand, and use vault write only.

Environment:

• Vault Server Version (retrieve with vault status): any enterprise Vault version
• Vault CLI Version (retrieve with vault version): 1.8 -> 1.10 were tested.